This article describes the threats and summaries of mitigation strategies in use or proposed by the Tor project.
The threats are:
- legal or policy pressure that discourages someone from running a Tor relay
- pressure on internet service providers, reducing the number of places where nodes can be run
- shunning by internet accessible services, who restrict access or features when they are accessed from Tor
Summary info in these quotes:
We used to think there are two main ways that the Tor network can fail. First, legal or policy pressure can make it so nobody is willing to run a relay. Second, pressure on or from Internet Service Providers can reduce the number of places willing to host exit relays, which in turn squeezes down the anonymity that the network can provide. Both of these threats are hard to solve, but they are challenges that we’ve known about for a decade, and due in large part to strong ongoing collaborations we have a pretty good handle on them.
We missed a third threat to Tor’s success: a growing number of websites treat users from anonymity services differently. Slashdot doesn’t let you post comments over Tor, Wikipedia won’t let you edit over Tor, and Google sometimes gives you a captcha when you try to search (depending on what other activity they’ve seen from that exit relay lately). Some sites like Yelp go further and refuse to even serve pages to Tor users.
The article deals only with mitigation only for the third, newly acknowledged threat:
The solution I envision is to get a person who is both technical and good at activism to focus on this topic. Step one is to enumerate the set of websites and other Internet services that handle Tor connections differently from normal connections, and look for patterns that help us identify the common (centralized) services that impact many sites. At the same time, we should make a list of solutions – technical and social – that are in use today. There are a few community-led starts on the Tor wiki already, like the DontBlockMe page and a List of Services Blocking Tor.
Step two is to sort the problem websites based on how amenable they would be to our help. Armed with the toolkit of options we found in step one, we should go to the first (most promising) site on the list and work with them to understand their problem. Ideally we can adapt one of the ideas from the toolkit; otherwise we’ll need to invent and develop a new approach tailored to their situation and needs. Then we should go to the second site on the list with our (now bigger) toolkit, and so on down the list. Once we have some success stories, we can consider how to scale better, such as holding a conference where we invite the five best success cases plus the next five unsolved sites on our list.
I think all the threats could potentially apply to SAFE.
Please spin off new topics to discuss any of this post, and I’ll add links to them here. Refer to the OP for what to post on this topic.